[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04

Colin Watson cjwatson at canonical.com
Fri Mar 30 16:14:11 UTC 2012 

I've uploaded upstream's suggested workaround for most of the problems
here.  It isn't complete, and in particular it doesn't deal with the
server in the bug description (see the Debian bug for a categorisation
of the problems here), which is why I've left this bug open at a lowered
importance.

openssl (1.0.1-2ubuntu3) precise; urgency=low

  * Temporarily work around TLS 1.2 failures as suggested by upstream
    (LP #965371):
    - Use client version when deciding whether to send supported signature
      algorithms extension.
    - Experimental workaround to large client hello issue: if
      OPENSSL_NO_TLS1_2_CLIENT is set then TLS v1.2 is disabled for clients
      only.
    - Compile with -DOPENSSL_NO_TLS1_2_CLIENT.
    This fixes most of the reported problems, but does not fix the case of
    servers that reject version numbers they don't support rather than
    trying to negotiate a lower version (e.g. www.mediafire.com).

 -- Colin Watson <cjwatson at ubuntu.com>  Fri, 30 Mar 2012 17:11:45 +0100

** Changed in: openssl (Ubuntu Precise)
   Importance: High => Medium

** Changed in: openssl (Ubuntu Precise)
       Status: Confirmed => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/965371

Title:
  HTTPS requests fail on some sites on Ubuntu 12.04

Status in OpenSSL cryptography and SSL/TLS toolkit:
  Confirmed
Status in “openssl” package in Ubuntu:
  Triaged
Status in “openssl” source package in Precise:
  Triaged
Status in “openssl” package in Debian:
  New

Bug description:
  This week, HTTPS connections from a Python script I wrote started
  giving me this error:

  urllib2.URLError: <urlopen error [Errno 8] _ssl.c:497: EOF occurred in
  violation of protocol>

  This used to work up until some three days ago and still works on
  other Ubuntu versions, but not in other Python versions on Precise. I
  was suspecting this was a bug in Python, but a guy on AskUbuntu (
  http://askubuntu.com/questions/116020/python-https-requests-urllib2
  -to-some-sites-fail-on-ubuntu-12-04-without-proxy/116059#116059 )
  found out this happens using the openssl command line tool too:

  $ openssl s_client -connect www.mediafire.com:443

  But succeeds if forcing TLS 1 with the -tls1 argument.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions

More information about the foundations-bugs mailing list